@azure/msal-browser 5.16.0 → 5.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (394) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/IPublicClientApplication.mjs.map +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/app/PublicClientApplication.mjs.map +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs.map +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  11. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AccountManager.mjs.map +1 -1
  14. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  15. package/dist/cache/AsyncMemoryStorage.mjs.map +1 -1
  16. package/dist/cache/BrowserCacheManager.mjs +1 -1
  17. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  18. package/dist/cache/CacheHelpers.mjs +1 -1
  19. package/dist/cache/CacheHelpers.mjs.map +1 -1
  20. package/dist/cache/CacheKeys.mjs +1 -1
  21. package/dist/cache/CacheKeys.mjs.map +1 -1
  22. package/dist/cache/CookieStorage.mjs +1 -1
  23. package/dist/cache/CookieStorage.mjs.map +1 -1
  24. package/dist/cache/DatabaseStorage.mjs +1 -1
  25. package/dist/cache/DatabaseStorage.mjs.map +1 -1
  26. package/dist/cache/EncryptedData.mjs +1 -1
  27. package/dist/cache/LocalStorage.mjs +1 -1
  28. package/dist/cache/LocalStorage.mjs.map +1 -1
  29. package/dist/cache/MemoryStorage.mjs +1 -1
  30. package/dist/cache/MemoryStorage.mjs.map +1 -1
  31. package/dist/cache/SessionStorage.mjs +1 -1
  32. package/dist/cache/SessionStorage.mjs.map +1 -1
  33. package/dist/cache/TokenCache.mjs +1 -1
  34. package/dist/cache/TokenCache.mjs.map +1 -1
  35. package/dist/config/Configuration.mjs +2 -1
  36. package/dist/config/Configuration.mjs.map +1 -1
  37. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  38. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  39. package/dist/controllers/StandardController.mjs +2 -2
  40. package/dist/controllers/StandardController.mjs.map +1 -1
  41. package/dist/crypto/BrowserCrypto.mjs +1 -1
  42. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  43. package/dist/crypto/CryptoOps.mjs +1 -1
  44. package/dist/crypto/CryptoOps.mjs.map +1 -1
  45. package/dist/crypto/PkceGenerator.mjs +1 -1
  46. package/dist/crypto/PkceGenerator.mjs.map +1 -1
  47. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  48. package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
  49. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  50. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  51. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  52. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs.map +1 -1
  53. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  54. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  55. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  56. package/dist/custom_auth/core/CustomAuthAuthority.mjs.map +1 -1
  57. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  58. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs.map +1 -1
  59. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  60. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs.map +1 -1
  61. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  62. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs.map +1 -1
  63. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  64. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  65. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs.map +1 -1
  66. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  67. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
  68. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  69. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
  70. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  71. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs.map +1 -1
  72. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  73. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs.map +1 -1
  74. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  75. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
  76. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  77. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs.map +1 -1
  78. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  79. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
  80. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  81. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
  82. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  83. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs.map +1 -1
  84. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  85. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs.map +1 -1
  86. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  87. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
  88. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  89. package/dist/custom_auth/core/error/CustomAuthApiError.mjs.map +1 -1
  90. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  91. package/dist/custom_auth/core/error/CustomAuthError.mjs.map +1 -1
  92. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  93. package/dist/custom_auth/core/error/HttpError.mjs.map +1 -1
  94. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  95. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  96. package/dist/custom_auth/core/error/InvalidArgumentError.mjs.map +1 -1
  97. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  98. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs.map +1 -1
  99. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  100. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  101. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs.map +1 -1
  102. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs.map +1 -1
  104. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  105. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs.map +1 -1
  106. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  107. package/dist/custom_auth/core/error/ParsedUrlError.mjs.map +1 -1
  108. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  109. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  110. package/dist/custom_auth/core/error/UnexpectedError.mjs.map +1 -1
  111. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  112. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs.map +1 -1
  113. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  114. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs.map +1 -1
  115. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  116. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs.map +1 -1
  117. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  118. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
  119. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  120. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs.map +1 -1
  121. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  122. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
  123. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  124. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  125. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
  126. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  127. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  128. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  129. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  130. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  131. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  132. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  133. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs.map +1 -1
  134. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  135. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  136. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  137. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  138. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  139. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  140. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  141. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  142. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  143. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs.map +1 -1
  144. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  145. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs.map +1 -1
  146. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  147. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  148. package/dist/custom_auth/core/utils/ArgumentValidator.mjs.map +1 -1
  149. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  150. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -1
  151. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  152. package/dist/custom_auth/core/utils/UrlUtils.mjs.map +1 -1
  153. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  154. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs.map +1 -1
  155. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  156. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs.map +1 -1
  157. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  158. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs.map +1 -1
  159. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  160. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs.map +1 -1
  161. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  162. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs.map +1 -1
  163. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  164. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs.map +1 -1
  165. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  166. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs.map +1 -1
  167. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  168. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs.map +1 -1
  169. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  170. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  171. package/dist/custom_auth/index.mjs +1 -1
  172. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  173. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs.map +1 -1
  174. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  175. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs.map +1 -1
  176. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  177. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs.map +1 -1
  178. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  179. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs.map +1 -1
  180. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  181. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs.map +1 -1
  182. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  183. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs.map +1 -1
  184. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  185. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs.map +1 -1
  186. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  187. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs.map +1 -1
  188. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  189. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs.map +1 -1
  190. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  191. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs.map +1 -1
  192. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  193. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs.map +1 -1
  194. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  195. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs.map +1 -1
  196. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  197. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs.map +1 -1
  198. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  199. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs.map +1 -1
  200. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  201. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs.map +1 -1
  202. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  203. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
  204. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  205. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
  206. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  207. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
  208. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  209. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
  210. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  211. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs.map +1 -1
  212. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  213. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
  214. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  215. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs.map +1 -1
  216. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  217. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
  218. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  219. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs.map +1 -1
  220. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  221. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  222. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  223. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  224. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs.map +1 -1
  225. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  226. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs.map +1 -1
  227. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  228. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs.map +1 -1
  229. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  230. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs.map +1 -1
  231. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  232. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs.map +1 -1
  233. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  234. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs.map +1 -1
  235. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  236. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs.map +1 -1
  237. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  238. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs.map +1 -1
  239. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  240. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs.map +1 -1
  241. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  242. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs.map +1 -1
  243. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  244. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs.map +1 -1
  245. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  246. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs.map +1 -1
  247. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  248. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs.map +1 -1
  249. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  250. package/dist/encode/Base64Decode.mjs +1 -1
  251. package/dist/encode/Base64Encode.mjs +1 -1
  252. package/dist/error/BrowserAuthError.mjs +1 -1
  253. package/dist/error/BrowserAuthError.mjs.map +1 -1
  254. package/dist/error/BrowserAuthErrorCodes.mjs +3 -2
  255. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  256. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  257. package/dist/error/BrowserConfigurationAuthError.mjs.map +1 -1
  258. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  259. package/dist/error/NativeAuthError.mjs +1 -1
  260. package/dist/error/NativeAuthError.mjs.map +1 -1
  261. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  262. package/dist/error/NestedAppAuthError.mjs +1 -1
  263. package/dist/error/NestedAppAuthError.mjs.map +1 -1
  264. package/dist/event/EventHandler.mjs +1 -1
  265. package/dist/event/EventHandler.mjs.map +1 -1
  266. package/dist/event/EventMessage.mjs +1 -1
  267. package/dist/event/EventMessage.mjs.map +1 -1
  268. package/dist/event/EventType.mjs +1 -1
  269. package/dist/event/EventType.mjs.map +1 -1
  270. package/dist/index.mjs +1 -1
  271. package/dist/index.mjs.map +1 -1
  272. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  273. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  274. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  275. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs.map +1 -1
  276. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  277. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  278. package/dist/interaction_client/PopupClient.mjs +77 -10
  279. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  280. package/dist/interaction_client/RedirectClient.mjs +1 -1
  281. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  282. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  283. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  284. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  285. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  286. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  287. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  288. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  289. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  290. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  291. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  292. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  293. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  294. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  295. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  296. package/dist/log-strings-mapping.json +7 -3
  297. package/dist/naa/BridgeError.mjs +1 -1
  298. package/dist/naa/BridgeProxy.mjs +2 -2
  299. package/dist/naa/BridgeProxy.mjs.map +1 -1
  300. package/dist/naa/BridgeStatusCode.mjs +1 -1
  301. package/dist/naa/BridgeStatusCode.mjs.map +1 -1
  302. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  303. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  304. package/dist/navigation/NavigationClient.mjs +1 -1
  305. package/dist/navigation/NavigationClient.mjs.map +1 -1
  306. package/dist/network/FetchClient.mjs +1 -1
  307. package/dist/network/FetchClient.mjs.map +1 -1
  308. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  309. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  310. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  311. package/dist/operatingcontext/NestedAppOperatingContext.mjs.map +1 -1
  312. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  313. package/dist/operatingcontext/StandardOperatingContext.mjs.map +1 -1
  314. package/dist/packageMetadata.mjs +2 -2
  315. package/dist/popup_relay/constants.mjs +21 -0
  316. package/dist/popup_relay/constants.mjs.map +1 -0
  317. package/dist/popup_relay/index.mjs +163 -0
  318. package/dist/popup_relay/index.mjs.map +1 -0
  319. package/dist/popup_relay/relayClient.mjs +114 -0
  320. package/dist/popup_relay/relayClient.mjs.map +1 -0
  321. package/dist/protocol/Authorize.mjs +42 -24
  322. package/dist/protocol/Authorize.mjs.map +1 -1
  323. package/dist/redirect_bridge/index.mjs +1 -1
  324. package/dist/redirect_bridge/index.mjs.map +1 -1
  325. package/dist/request/RequestHelpers.mjs +1 -1
  326. package/dist/request/RequestHelpers.mjs.map +1 -1
  327. package/dist/response/ResponseHandler.mjs +1 -1
  328. package/dist/response/ResponseHandler.mjs.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  330. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  332. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  333. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  334. package/dist/telemetry/BrowserPerformanceMeasurement.mjs.map +1 -1
  335. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  336. package/dist/utils/BrowserConstants.mjs +1 -1
  337. package/dist/utils/BrowserConstants.mjs.map +1 -1
  338. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  339. package/dist/utils/BrowserProtocolUtils.mjs.map +1 -1
  340. package/dist/utils/BrowserUtils.mjs +2 -2
  341. package/dist/utils/BrowserUtils.mjs.map +1 -1
  342. package/dist/utils/Helpers.mjs +1 -1
  343. package/dist/utils/Helpers.mjs.map +1 -1
  344. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  345. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  346. package/lib/custom-auth-path/log-strings-mapping.json +7 -3
  347. package/lib/custom-auth-path/msal-custom-auth.cjs +5973 -5767
  348. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  349. package/lib/custom-auth-path/msal-custom-auth.js +5973 -5767
  350. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  351. package/lib/log-strings-mapping.json +7 -3
  352. package/lib/msal-browser.cjs +6814 -6605
  353. package/lib/msal-browser.cjs.map +1 -1
  354. package/lib/msal-browser.js +6814 -6605
  355. package/lib/msal-browser.js.map +1 -1
  356. package/lib/msal-browser.min.js +2 -2
  357. package/lib/popup-relay/msal-popup-relay.cjs +278 -0
  358. package/lib/popup-relay/msal-popup-relay.cjs.map +1 -0
  359. package/lib/popup-relay/msal-popup-relay.js +284 -0
  360. package/lib/popup-relay/msal-popup-relay.js.map +1 -0
  361. package/lib/popup-relay/msal-popup-relay.min.js +2 -0
  362. package/lib/redirect-bridge/msal-redirect-bridge.cjs +39 -39
  363. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  364. package/lib/redirect-bridge/msal-redirect-bridge.js +39 -39
  365. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  366. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  367. package/package.json +14 -3
  368. package/scripts/README.md +112 -0
  369. package/scripts/decode-logs.cjs +822 -0
  370. package/src/config/Configuration.ts +18 -0
  371. package/src/error/BrowserAuthErrorCodes.ts +1 -0
  372. package/src/interaction_client/PopupClient.ts +137 -23
  373. package/src/packageMetadata.ts +1 -1
  374. package/src/popup_relay/constants.ts +17 -0
  375. package/src/popup_relay/index.ts +221 -0
  376. package/src/popup_relay/relayClient.ts +178 -0
  377. package/src/protocol/Authorize.ts +76 -27
  378. package/types/config/Configuration.d.ts +16 -0
  379. package/types/config/Configuration.d.ts.map +1 -1
  380. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  381. package/types/error/BrowserAuthErrorCodes.d.ts +1 -0
  382. package/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  383. package/types/interaction_client/PopupClient.d.ts +13 -0
  384. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  385. package/types/packageMetadata.d.ts +1 -1
  386. package/types/popup_relay/constants.d.ts +13 -0
  387. package/types/popup_relay/constants.d.ts.map +1 -0
  388. package/types/popup_relay/index.d.cts +1 -0
  389. package/types/popup_relay/index.d.ts +42 -0
  390. package/types/popup_relay/index.d.ts.map +1 -0
  391. package/types/popup_relay/relayClient.d.ts +43 -0
  392. package/types/popup_relay/relayClient.d.ts.map +1 -0
  393. package/types/protocol/Authorize.d.ts +25 -0
  394. package/types/protocol/Authorize.d.ts.map +1 -1
@@ -67,6 +67,23 @@ export type BrowserAuthOptions = {
67
67
  */
68
68
  postLogoutRedirectUri?: string | null;
69
69
 
70
+ /**
71
+ * URI of a first-party, top-level "popup-relay" page used to acquire tokens
72
+ * interactively from inside a cross-origin iframe that an untrusted host has
73
+ * embedded (where third-party storage partitioning and COOP break the normal
74
+ * popup flow). When set, `acquireTokenPopup` opens this page top-level
75
+ * instead of navigating the popup straight to the IdP, and the page must call
76
+ * `runPopupRelay()`. Resolved relative to the app origin, so it must be
77
+ * same-origin as the embedded frame.
78
+ *
79
+ * This is a browser SPA-only mechanism (`PublicClientApplication` in
80
+ * `@azure/msal-browser`): it brokers the standard interactive popup
81
+ * auth-code flow through a same-origin page. It does not apply to native
82
+ * app, platform broker (WAM), Nested App Auth, or confidential-client /
83
+ * server-side scenarios.
84
+ */
85
+ popupRelayUri?: string;
86
+
70
87
  /**
71
88
  * Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
72
89
  */
@@ -271,6 +288,7 @@ export function buildConfiguration(
271
288
  ? window.location.href.split("?")[0].split("#")[0]
272
289
  : "",
273
290
  postLogoutRedirectUri: "",
291
+ popupRelayUri: "",
274
292
  clientCapabilities: [],
275
293
  OIDCOptions: {
276
294
  responseMode: Constants.ResponseMode.FRAGMENT,
@@ -24,6 +24,7 @@ export const redirectBridgeEmptyResponse = "redirect_bridge_empty_response";
24
24
  export const redirectInIframe = "redirect_in_iframe";
25
25
  export const blockIframeReload = "block_iframe_reload";
26
26
  export const blockNestedPopups = "block_nested_popups";
27
+ export const popupRelayUnsupportedFlow = "popup_relay_unsupported_flow";
27
28
  export const iframeClosedPrematurely = "iframe_closed_prematurely";
28
29
  export const silentLogoutUnsupported = "silent_logout_unsupported";
29
30
  export const noAccountError = "no_account_error";
@@ -19,6 +19,7 @@ import {
19
19
  PkceCodes,
20
20
  CommonAuthorizationUrlRequest,
21
21
  ProtocolUtils,
22
+ Authority,
22
23
  } from "@azure/msal-common/browser";
23
24
  import {
24
25
  initializeAuthorizationRequest,
@@ -34,6 +35,8 @@ import {
34
35
  import { EndSessionPopupRequest } from "../request/EndSessionPopupRequest.js";
35
36
  import { NavigationOptions } from "../navigation/NavigationOptions.js";
36
37
  import * as BrowserUtils from "../utils/BrowserUtils.js";
38
+ import * as PopupRelay from "../popup_relay/relayClient.js";
39
+ import { base64Decode } from "../encode/Base64Decode.js";
37
40
  import { PopupRequest } from "../request/PopupRequest.js";
38
41
  import {
39
42
  createBrowserAuthError,
@@ -375,9 +378,26 @@ export class PopupClient extends StandardInteractionClient {
375
378
  this.performanceClient
376
379
  );
377
380
 
381
+ /*
382
+ * When a popup-relay page is configured, open it top-level
383
+ * (same first-party origin) instead of navigating the popup
384
+ * straight to the IdP, and carry the /authorize URL in its hash.
385
+ * The relay page opens the IdP child popup and relays the
386
+ * response back via postMessage (see waitForPopupResponse).
387
+ */
388
+ const popupRelayUri = this.config.auth.popupRelayUri;
389
+ const popupNavigateUrl = popupRelayUri
390
+ ? PopupRelay.buildPopupRelayUrl(
391
+ popupRelayUri,
392
+ this.getRelayStateId(request.state, correlationId),
393
+ { method: "GET", url: navigateUrl },
394
+ correlationId
395
+ )
396
+ : navigateUrl;
397
+
378
398
  // Show the UI once the url has been created. Get the window handle for the popup.
379
399
  const popupWindow: Window = this.initiateAuthRequest(
380
- navigateUrl,
400
+ popupNavigateUrl,
381
401
  popupParams
382
402
  );
383
403
  this.eventHandler.emitEvent(
@@ -497,18 +517,13 @@ export class PopupClient extends StandardInteractionClient {
497
517
  earJwk: earJwk,
498
518
  codeChallenge: pkce.challenge,
499
519
  };
500
- const popupWindow =
501
- popupParams.popup || this.openPopup("about:blank", popupParams);
502
-
503
- const form = await Authorize.getEARForm(
504
- popupWindow.document,
505
- this.config,
506
- discoveredAuthority,
520
+ const popupWindow = await this.openPostFormPopup(
507
521
  popupRequest,
508
- this.logger,
509
- this.performanceClient
522
+ discoveredAuthority,
523
+ popupParams,
524
+ correlationId,
525
+ true
510
526
  );
511
- form.submit();
512
527
 
513
528
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
514
529
  const responseString = await invokeAsync(
@@ -621,20 +636,14 @@ export class PopupClient extends StandardInteractionClient {
621
636
  this.logger
622
637
  );
623
638
 
624
- const popupWindow =
625
- popupParams.popup || this.openPopup("about:blank", popupParams);
626
-
627
- const form = await Authorize.getCodeForm(
628
- popupWindow.document,
629
- this.config,
630
- discoveredAuthority,
639
+ const popupWindow = await this.openPostFormPopup(
631
640
  request,
632
- this.logger,
633
- this.performanceClient
641
+ discoveredAuthority,
642
+ popupParams,
643
+ correlationId,
644
+ false
634
645
  );
635
646
 
636
- form.submit();
637
-
638
647
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
639
648
  const responseString = await invokeAsync(
640
649
  this.waitForPopupResponse.bind(this),
@@ -794,8 +803,30 @@ export class PopupClient extends StandardInteractionClient {
794
803
  validRequest
795
804
  );
796
805
 
806
+ /*
807
+ * When a popup-relay page is configured, open it top-level (same
808
+ * first-party origin) and carry the end-session URL in its hash,
809
+ * exactly like the login flow. The relay page opens the IdP child
810
+ * popup and the post-logout redirect page (running the redirect
811
+ * bridge) relays completion back via postMessage — so logout works
812
+ * from an embedded, cross-origin iframe where a direct popup to the
813
+ * IdP cannot. See runPopupRelay / waitForPopupResponse.
814
+ */
815
+ const popupRelayUri = this.config.auth.popupRelayUri;
816
+ const popupNavigateUrl = popupRelayUri
817
+ ? PopupRelay.buildPopupRelayUrl(
818
+ popupRelayUri,
819
+ this.getRelayStateId(
820
+ validRequest.state || "",
821
+ this.correlationId
822
+ ),
823
+ { method: "GET", url: logoutUri },
824
+ this.correlationId
825
+ )
826
+ : logoutUri;
827
+
797
828
  // Open the popup window to requestUrl.
798
- const popupWindow = this.openPopup(logoutUri, popupParams);
829
+ const popupWindow = this.openPopup(popupNavigateUrl, popupParams);
799
830
  this.eventHandler.emitEvent(
800
831
  EventType.POPUP_OPENED,
801
832
  validRequest.correlationId,
@@ -1074,11 +1105,94 @@ export class PopupClient extends StandardInteractionClient {
1074
1105
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
1075
1106
  }
1076
1107
 
1108
+ /**
1109
+ * Decodes the per-request library-state id from the encoded request state.
1110
+ */
1111
+ private getRelayStateId(state: string, correlationId: string): string {
1112
+ return ProtocolUtils.parseRequestState(
1113
+ base64Decode,
1114
+ state,
1115
+ correlationId
1116
+ ).libraryState.id;
1117
+ }
1118
+
1119
+ /**
1120
+ * Opens the interactive popup for a POST-form /authorize request. Shared by
1121
+ * the auth-code POST and EAR flows, which are identical apart from the form
1122
+ * builder (`isEAR` selects the EAR vs auth-code builders). When a
1123
+ * popup-relay page is configured the form is carried to the relay page
1124
+ * (which opens the IdP child popup); otherwise the form is submitted
1125
+ * directly into the popup.
1126
+ */
1127
+ private async openPostFormPopup(
1128
+ request: CommonAuthorizationUrlRequest,
1129
+ discoveredAuthority: Authority,
1130
+ popupParams: PopupParams,
1131
+ correlationId: string,
1132
+ isEAR: boolean
1133
+ ): Promise<Window> {
1134
+ const popupRelayUri = this.config.auth.popupRelayUri;
1135
+ if (popupRelayUri) {
1136
+ const getFormData = isEAR
1137
+ ? Authorize.getEARFormData
1138
+ : Authorize.getCodeFormData;
1139
+ const formData = await getFormData(
1140
+ this.config,
1141
+ discoveredAuthority,
1142
+ request,
1143
+ this.logger,
1144
+ this.performanceClient
1145
+ );
1146
+ const relayUrl = PopupRelay.buildPopupRelayUrl(
1147
+ popupRelayUri,
1148
+ this.getRelayStateId(request.state, correlationId),
1149
+ {
1150
+ method: "POST",
1151
+ action: formData.action,
1152
+ fields: formData.fields,
1153
+ },
1154
+ correlationId
1155
+ );
1156
+ return this.initiateAuthRequest(relayUrl, popupParams);
1157
+ }
1158
+
1159
+ const popupWindow =
1160
+ popupParams.popup || this.openPopup("about:blank", popupParams);
1161
+ const getForm = isEAR ? Authorize.getEARForm : Authorize.getCodeForm;
1162
+ const form = await getForm(
1163
+ popupWindow.document,
1164
+ this.config,
1165
+ discoveredAuthority,
1166
+ request,
1167
+ this.logger,
1168
+ this.performanceClient
1169
+ );
1170
+ form.submit();
1171
+ return popupWindow;
1172
+ }
1173
+
1077
1174
  protected async waitForPopupResponse(
1078
1175
  request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
1079
1176
  popupWindow: Window,
1080
1177
  popupWindowParent: Window
1081
1178
  ): Promise<string> {
1179
+ /*
1180
+ * When a popup-relay page is configured the response is relayed back to
1181
+ * this frame by the relay page via postMessage, and the relay popup's
1182
+ * lifecycle (including the user dismissing it before signing in) must be
1183
+ * tracked here. This takes precedence over the default bridge response
1184
+ * hook, whose BroadcastChannel cannot reach a partitioned cross-site
1185
+ * frame and which does not track the relay popup.
1186
+ */
1187
+ if (this.config.auth.popupRelayUri) {
1188
+ return PopupRelay.waitForPopupRelayResponse(
1189
+ this.config.system.popupBridgeTimeout,
1190
+ this.logger,
1191
+ request,
1192
+ popupWindow,
1193
+ this.performanceClient
1194
+ );
1195
+ }
1082
1196
  if (this.waitForPopupResponseHook) {
1083
1197
  return this.waitForPopupResponseHook(
1084
1198
  request,
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-browser";
3
- export const version = "5.16.0";
3
+ export const version = "5.17.0";
@@ -0,0 +1,17 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ /**
7
+ * postMessage envelope type used to relay an auth response from a popup-relay
8
+ * page (see `runPopupRelay`) back to the embedded frame that opened it. See
9
+ * {@link BrowserAuthOptions.popupRelayUri}.
10
+ *
11
+ * Kept dependency-free so both the relay-page entry (`./index.js`) and the
12
+ * client-side helpers (`./relayClient.js`) can import it without either bundle
13
+ * pulling in the other's dependencies.
14
+ *
15
+ * @internal
16
+ */
17
+ export const POPUP_RELAY_RESPONSE_TYPE = "msal:popup-relay-response:v1";
@@ -0,0 +1,221 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ import { POPUP_RELAY_RESPONSE_TYPE } from "./constants.js";
7
+ import {
8
+ BrowserAuthErrorCodes,
9
+ createBrowserAuthError,
10
+ } from "../error/BrowserAuthError.js";
11
+ import { createForm } from "../protocol/Authorize.js";
12
+ import { PopupWindowAttributes } from "../request/PopupWindowAttributes.js";
13
+
14
+ /** Options for {@link runPopupRelay}. */
15
+ export type PopupRelayOptions = {
16
+ /**
17
+ * Sizing/positioning for the IdP child popup the relay page opens. Same
18
+ * shape as `PopupRequest.popupWindowAttributes` (`popupSize` with width and
19
+ * height, `popupPosition` with top and left). Defaults to a 520x640 window.
20
+ */
21
+ popupWindowAttributes?: PopupWindowAttributes;
22
+ /**
23
+ * How long (ms) to wait for the IdP child popup to deliver a response
24
+ * before giving up. Defaults to 300000 (5 minutes).
25
+ */
26
+ timeoutMs?: number;
27
+ };
28
+
29
+ type PopupRelayRequest = { id: string } & (
30
+ | { method: "GET"; url: string }
31
+ | { method: "POST"; action: string; fields: Record<string, string> }
32
+ );
33
+
34
+ const DEFAULT_POPUP_RELAY_TIMEOUT_MS = 300000;
35
+ const DEFAULT_POPUP_RELAY_WIDTH = 520;
36
+ const DEFAULT_POPUP_RELAY_HEIGHT = 640;
37
+
38
+ /**
39
+ * Builds the `window.open` features string for the IdP child popup from a
40
+ * {@link PopupWindowAttributes}, mirroring the shape used by
41
+ * `PopupRequest.popupWindowAttributes`.
42
+ */
43
+ function buildChildPopupFeatures(attributes?: PopupWindowAttributes): string {
44
+ const width = attributes?.popupSize?.width || DEFAULT_POPUP_RELAY_WIDTH;
45
+ const height = attributes?.popupSize?.height || DEFAULT_POPUP_RELAY_HEIGHT;
46
+ const features = [`width=${width}`, `height=${height}`];
47
+ if (attributes?.popupPosition?.top !== undefined) {
48
+ features.push(`top=${attributes.popupPosition.top}`);
49
+ }
50
+ if (attributes?.popupPosition?.left !== undefined) {
51
+ features.push(`left=${attributes.popupPosition.left}`);
52
+ }
53
+ features.push("scrollbars=yes");
54
+ return features.join(",");
55
+ }
56
+
57
+ /**
58
+ * Entry point for the top-level "popup-relay" page referenced by
59
+ * `auth.popupRelayUri`. Call this from the relay page (which MSAL opens as a
60
+ * top-level popup from inside an embedded, cross-origin iframe). It:
61
+ *
62
+ * 1. Reads the IdP navigation MSAL passed in this page's hash (a GET URL, or a
63
+ * POST form for the form_post / EAR response modes), then scrubs the hash.
64
+ * 2. Opens the IdP child popup and performs that navigation (the relay page
65
+ * stays put, so its `window.opener` link back to the embedded frame
66
+ * survives COOP).
67
+ * 3. Waits for the child's redirect URI page (which must run the redirect
68
+ * bridge, `broadcastResponseToMainFrame`) to broadcast the raw auth
69
+ * response over a same-origin `BroadcastChannel`.
70
+ * 4. Relays that raw response back to the embedded frame via
71
+ * `opener.postMessage`, posting only to its own (same) origin, then closes.
72
+ *
73
+ * The embedded frame keeps the PKCE verifier (and EAR private key) and exchanges
74
+ * the relayed response itself — no token, verifier, or private key ever crosses
75
+ * a window boundary.
76
+ *
77
+ * Note: the child popup is opened when this function runs, so call it from a
78
+ * user gesture (e.g. a "Continue" button click) to avoid popup blockers.
79
+ *
80
+ * @param options - {@link PopupRelayOptions}
81
+ */
82
+ export function runPopupRelay(options?: PopupRelayOptions): void {
83
+ const opener = window.opener as Window | null;
84
+ const targetOrigin = window.location.origin;
85
+
86
+ const hashParams = new URLSearchParams(
87
+ window.location.hash.replace(/^#/, "")
88
+ );
89
+ const rawReq = hashParams.get("req") || "";
90
+
91
+ // Scrub the relayed request out of the relay page's own URL immediately.
92
+ if (typeof window.history.replaceState === "function") {
93
+ window.history.replaceState(
94
+ null,
95
+ "",
96
+ window.location.origin + window.location.pathname
97
+ );
98
+ }
99
+
100
+ if (!opener) {
101
+ throw createBrowserAuthError(
102
+ BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
103
+ "",
104
+ "popup_relay_no_opener"
105
+ );
106
+ }
107
+
108
+ let request: PopupRelayRequest;
109
+ try {
110
+ request = JSON.parse(rawReq) as PopupRelayRequest;
111
+ } catch (e) {
112
+ throw createBrowserAuthError(
113
+ BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
114
+ "",
115
+ "popup_relay_bad_request"
116
+ );
117
+ }
118
+ if (!request || !request.id) {
119
+ throw createBrowserAuthError(
120
+ BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
121
+ "",
122
+ "popup_relay_bad_request"
123
+ );
124
+ }
125
+
126
+ const id = request.id;
127
+ const channel = new BroadcastChannel(id);
128
+ let settled = false;
129
+ /*
130
+ * Timer handles are kept on a const holder so relay() (declared before the
131
+ * timers are created) can clear them — `let` handles trip prefer-const, and
132
+ * `const` handles can't be referenced before assignment (TDZ).
133
+ */
134
+ const timers: {
135
+ closedPoll?: number;
136
+ timeoutId?: number;
137
+ } = {};
138
+
139
+ const relay = (message: { payload?: string; error?: string }): void => {
140
+ if (settled) {
141
+ return;
142
+ }
143
+ settled = true;
144
+ try {
145
+ channel.close();
146
+ } catch (e) {
147
+ /* ignore */
148
+ }
149
+ clearInterval(timers.closedPoll);
150
+ clearTimeout(timers.timeoutId);
151
+ opener.postMessage(
152
+ { type: POPUP_RELAY_RESPONSE_TYPE, id, ...message },
153
+ targetOrigin
154
+ );
155
+ setTimeout(() => {
156
+ try {
157
+ window.close();
158
+ } catch (e) {
159
+ /* ignore */
160
+ }
161
+ }, 0);
162
+ };
163
+
164
+ // The redirect bridge broadcasts the raw auth response payload here.
165
+ channel.onmessage = (event: MessageEvent): void => {
166
+ const payload = event.data && event.data.payload;
167
+ if (payload) {
168
+ relay({ payload });
169
+ }
170
+ };
171
+
172
+ const features = buildChildPopupFeatures(options?.popupWindowAttributes);
173
+ const childPopup =
174
+ request.method === "POST"
175
+ ? window.open("about:blank", "msalPopupRelayChild", features)
176
+ : window.open(request.url, "msalPopupRelayChild", features);
177
+
178
+ if (!childPopup) {
179
+ relay({ error: BrowserAuthErrorCodes.popupWindowError });
180
+ return;
181
+ }
182
+
183
+ if (request.method === "POST") {
184
+ createForm(
185
+ childPopup.document,
186
+ request.action,
187
+ request.fields
188
+ ).submit();
189
+ }
190
+
191
+ timers.closedPoll = window.setInterval(() => {
192
+ if (childPopup.closed && !settled) {
193
+ /*
194
+ * The popup is gone, so the overall timeout no longer applies —
195
+ * drop it and report cancellation. A successful sign-in settles
196
+ * first: the redirect bridge broadcasts the response before it
197
+ * closes the popup, so onmessage runs on the
198
+ * next event-loop turn, well before this 500ms poll observes the
199
+ * close — the `!settled` guard then skips cancellation.
200
+ */
201
+ clearTimeout(timers.timeoutId);
202
+ relay({ error: BrowserAuthErrorCodes.userCancelled });
203
+ }
204
+ }, 500);
205
+
206
+ timers.timeoutId = window.setTimeout(() => {
207
+ if (!settled) {
208
+ /*
209
+ * Stop the close poll before we close the popup ourselves, so it
210
+ * can't observe the close and report user_cancelled instead.
211
+ */
212
+ clearInterval(timers.closedPoll);
213
+ try {
214
+ childPopup.close();
215
+ } catch (e) {
216
+ /* ignore */
217
+ }
218
+ relay({ error: BrowserAuthErrorCodes.timedOut });
219
+ }
220
+ }, options?.timeoutMs || DEFAULT_POPUP_RELAY_TIMEOUT_MS);
221
+ }
@@ -0,0 +1,178 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ import {
7
+ IPerformanceClient,
8
+ Logger,
9
+ ProtocolUtils,
10
+ } from "@azure/msal-common/browser";
11
+ import { base64Decode } from "../encode/Base64Decode.js";
12
+ import {
13
+ BrowserAuthErrorCodes,
14
+ createBrowserAuthError,
15
+ } from "../error/BrowserAuthError.js";
16
+ import { redirectBridgeEmptyResponse } from "../error/BrowserAuthErrorCodes.js";
17
+ import type { WaitForBridgeRequest } from "../utils/BrowserUtils.js";
18
+ import { POPUP_RELAY_RESPONSE_TYPE } from "./constants.js";
19
+
20
+ /**
21
+ * The navigation the popup-relay page should perform in its IdP child popup:
22
+ * either a GET navigation to a URL, or a POST form submission (used by the
23
+ * form_post and EAR response modes).
24
+ *
25
+ * @internal
26
+ */
27
+ export type PopupRelayAction =
28
+ | { method: "GET"; url: string }
29
+ | { method: "POST"; action: string; fields: Record<string, string> };
30
+
31
+ /**
32
+ * Builds the URL of the popup-relay page to open. The action the relay page
33
+ * must perform (GET navigation or POST form) is carried in the page's hash
34
+ * (client-side only, never sent to a server), keyed by the per-request
35
+ * library-state `id` so the relay page can listen on the right BroadcastChannel
36
+ * and echo the id back. The relay URI is resolved against the app origin, so it
37
+ * must be same-origin as the embedded frame. See `runPopupRelay`.
38
+ *
39
+ * @internal
40
+ */
41
+ export function buildPopupRelayUrl(
42
+ popupRelayUri: string,
43
+ id: string,
44
+ action: PopupRelayAction,
45
+ correlationId: string
46
+ ): string {
47
+ const req = { id, ...action };
48
+ const target = new URL(popupRelayUri, window.location.origin);
49
+ /*
50
+ * The relay page must be same-origin as the embedded frame: the response is
51
+ * relayed back via postMessage and only accepted from this origin, and a
52
+ * cross-origin page would also receive the relayed /authorize request. Fail
53
+ * fast with a clear error instead of silently relaying to (and timing out
54
+ * against) the wrong origin.
55
+ */
56
+ if (target.origin !== window.location.origin) {
57
+ throw createBrowserAuthError(
58
+ BrowserAuthErrorCodes.popupRelayUnsupportedFlow,
59
+ correlationId,
60
+ "popup_relay_cross_origin"
61
+ );
62
+ }
63
+ const hashParams = new URLSearchParams();
64
+ hashParams.set("req", JSON.stringify(req));
65
+ target.hash = hashParams.toString();
66
+ return target.toString();
67
+ }
68
+
69
+ /**
70
+ * Waits for the popup-relay page to relay the raw auth response back to the
71
+ * embedded frame via postMessage. Used in place of `waitForBridgeResponse`
72
+ * when `auth.popupRelayUri` is configured, because third-party storage
73
+ * partitioning blocks the BroadcastChannel the redirect bridge uses from
74
+ * reaching the embedded frame.
75
+ *
76
+ * The response is accepted only from the popup window we opened, on our own
77
+ * origin (the relay page is same-origin as the embedded frame), and only when
78
+ * it carries the matching per-request library-state id.
79
+ *
80
+ * @internal
81
+ */
82
+ export async function waitForPopupRelayResponse(
83
+ timeoutMs: number,
84
+ logger: Logger,
85
+ request: WaitForBridgeRequest,
86
+ popupWindow: Window,
87
+ performanceClient: IPerformanceClient
88
+ ): Promise<string> {
89
+ return new Promise<string>((resolve, reject) => {
90
+ const correlationId = request.correlationId;
91
+ logger.verbose(
92
+ "PopupRelay.waitForPopupRelayResponse - started",
93
+ correlationId
94
+ );
95
+ performanceClient.addFields(
96
+ { redirectBridgeTimeoutMs: timeoutMs },
97
+ correlationId
98
+ );
99
+
100
+ const { libraryState } = ProtocolUtils.parseRequestState(
101
+ base64Decode,
102
+ request.state || "",
103
+ correlationId
104
+ );
105
+ const expectedId = libraryState.id;
106
+ const expectedOrigin = window.location.origin;
107
+ let settled = false;
108
+
109
+ const cleanup = (): void => {
110
+ window.removeEventListener("message", onMessage);
111
+ clearTimeout(timeoutId);
112
+ clearInterval(closedPoll);
113
+ };
114
+
115
+ const onMessage = (event: MessageEvent): void => {
116
+ if (
117
+ event.origin !== expectedOrigin ||
118
+ event.source !== popupWindow
119
+ ) {
120
+ return;
121
+ }
122
+ const data = event.data;
123
+ if (
124
+ !data ||
125
+ data.type !== POPUP_RELAY_RESPONSE_TYPE ||
126
+ data.id !== expectedId
127
+ ) {
128
+ return;
129
+ }
130
+ if (settled) {
131
+ return;
132
+ }
133
+ settled = true;
134
+ cleanup();
135
+ if (data.error) {
136
+ reject(createBrowserAuthError(data.error, correlationId));
137
+ } else if (data.payload) {
138
+ resolve(data.payload);
139
+ } else {
140
+ reject(
141
+ createBrowserAuthError(
142
+ redirectBridgeEmptyResponse,
143
+ correlationId
144
+ )
145
+ );
146
+ }
147
+ };
148
+ window.addEventListener("message", onMessage);
149
+
150
+ const timeoutId = window.setTimeout(() => {
151
+ if (settled) {
152
+ return;
153
+ }
154
+ settled = true;
155
+ cleanup();
156
+ reject(
157
+ createBrowserAuthError(
158
+ BrowserAuthErrorCodes.timedOut,
159
+ correlationId,
160
+ "popup_relay_timeout"
161
+ )
162
+ );
163
+ }, timeoutMs);
164
+
165
+ const closedPoll = window.setInterval(() => {
166
+ if (popupWindow.closed && !settled) {
167
+ settled = true;
168
+ cleanup();
169
+ reject(
170
+ createBrowserAuthError(
171
+ BrowserAuthErrorCodes.userCancelled,
172
+ correlationId
173
+ )
174
+ );
175
+ }
176
+ }, 500);
177
+ });
178
+ }